Functional encryption for public-attribute inner products: Achieving constant-size ciphertexts with adaptive security or support for negation

In functional encryption (FE) schemes, ciphertexts and private keys are associated with attributes and decryption is possible whenever key and ciphertext attributes are suitably related. It is known that expressive realizations can be obtained from a simple functional encryption flavor called inner product encryption (IPE), where decryption is allowed whenever ciphertext and key attributes form orthogonal vectors. In this paper, we construct public-attribute inner product encryption (PAIPE) systems, where ciphertext attributes are public (in contrast to attribute-hiding IPE systems). Our PAIPE schemes feature constant-size ciphertexts for the zero and non-zero evaluations of inner products. These schemes respectively imply an adaptively secure identity-based broadcast encryption scheme and an identity-based revocation mechanism that both feature short ciphertexts and rely on simple assumptions in prime order groups. We also introduce the notion of negated spatial encryption, which subsumes non-zero-mode PAIPE and can be seen as the revocation analogue of the spatial encryption primitive of Boneh and Hamburg.